Luke Howard wrote:
> >Cool ! Thanks - that looks like it - you can't kinit for the fqdn
> >host and cifs principals, but you can get them with kvno. Thanks
> >for the help, I'll store that away for future testing.... :-).
>> Actually, you may be able to kinit for the "fqdn" principals if
> you modify kinit to set the name canonicalize bit in the AS-REQ.
My experience was that kinit, or rather the krb5 client libs, don't like
when tickets come back for a different principal that they were requested
for...so the 2k KDC was sending them back OK, but kinit barfed. Does this
bit make them come back in the same format(seems like it would do the
opposite)?
----------------------------
Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074
USA
jmcd at us.ibm.comjmcd at samba.org
Phone: (207) 885-5565
IBM tie-line: 776-9984